Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bpay Rechnung von Manuel Wagner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.04.2014, 10:04   #1
Problemtyp
 
Bpay Rechnung von Manuel Wagner - Standard

Bpay Rechnung von Manuel Wagner



Hallo ich habe eine Frage,

habe einen Text bekommen das ich eine Rechnung bezahlen soll von Manuel Wagner.

Folgender Text:
Betreff: Ihre Rechnung
Absender: Manuel Wagner <private E-Mail-Adresse>
Anhang: Rechnung.exe
Text:
Guten Tag,

Im Anhang dieser Email senden wir Ihnen Ihre aktuelle Rechnung.

Der offene Betrag ist innerhalb von 10 Tagen zu begleichen.

Bpay AG

>>>Habe Exe leider geladen und geöffnet.

Habe danach erst danach gegoogelt und habe mir erst danach Gedanken gemacht...Dumm dumm, ja ich weiß...ärger mich selber darüber.

Habe Windows 7 ultimate als System, 64 bit.

Habe nun Antimalewarebytes über mein System laufen lassen.

3 mal bisher.

Folgendes kam dabei raus:

Vorgang 1:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.04.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Crackhead :: CRACKHEAD-PC [Administrator]

25.04.2014 22:36:01
mbam-log-2014-04-25 (22-36-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 437303
Laufzeit: 2 Stunde(n), 23 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Crackhead\AppData\Local\Temp\csrss.exe (Spyware.Zbot.ED) -> 2200 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 16
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\IB Updater (PUP.Optional.Incredibar.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd (PUP.Optional.Incredibar.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Incredibar.com\incredibar (PUP.Optional.Incredibar.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Vittalia\AxtanInstaller (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Wow6432Node\IB Updater (PUP.Optional.Incredibar.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd (PUP.Optional.Incredibar.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.
HKCR\esrv.IncredibarESrvc (PUP.Optional.Incredibar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.IncredibarESrvc.1 (PUP.Optional.Incredibar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SYSTEM\CURRENTCONTROLSET\SERVICES\RUN (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Softonic\Universal Downloader (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 9
HKCU\SYSTEM\CurrentControlSet\Services\Run|Windows RPC Host Service (Malware.Trace) -> Daten: C:\Users\Crackhead\AppData\Local\Temp\csrss.exe -> Keine Aktion durchgeführt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {8A7B39D8-6965-11E2-9F3D-50465D6845CD} -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Windows Hosting Service (Spyware.Zbot.ED) -> Daten: C:\Users\Crackhead\AppData\Local\Temp\csrss.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Windows Hosting Service (Spyware.Zbot.ED) -> Daten: C:\Users\Crackhead\AppData\Local\Temp\csrss.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} (PUP.Optional.HomePageProtector.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{336D0C35-8A85-403a-B9D2-65C292C39087} (PUP.Optional.HomePageProtector.A) -> Daten: C:\Program Files\IB Updater\Firefox -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Microsoft Windows Firewall Service (Trojan.Agent) -> Daten: C:\Users\Crackhead\AppData\Local\Temp\csrss.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {8A7B39D8-6965-11E2-9F3D-50465D6845CD} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\Run|Windows RPC Host Service (Trojan.Sermis) -> Daten: C:\Users\Crackhead\AppData\Local\Temp\csrss.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 5
C:\Users\Crackhead\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Crackhead\AppData\Roaming\OpenCandy\B31BC3D7813F4B6AAA49BC7EBA4526C3 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Crackhead\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297265 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 11
C:\Users\Crackhead\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Crackhead\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297265\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297265\CT3297265.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297265\initData.json (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297265\manifest.json (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297265\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Crackhead\AppData\Local\Temp\csrss.exe (Spyware.Zbot.ED) -> Löschen bei Neustart.
C:\Users\Crackhead\AppData\Local\Temp\nsrB444.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Vorgang 2
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.04.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Crackhead :: CRACKHEAD-PC [Administrator]

26.04.2014 03:39:53
mbam-log-2014-04-26 (03-39-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 172739
Laufzeit: 3 Stunde(n), 52 Minute(n), 7 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Vorgang 3
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.04.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Crackhead :: CRACKHEAD-PC [Administrator]

26.04.2014 08:06:44
mbam-log-2014-04-26 (08-06-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223784
Laufzeit: 15 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKLM\SOFTWARE\IB Updater (PUP.Optional.Incredibar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd (PUP.Optional.Incredibar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Incredibar.com\incredibar (PUP.Optional.Incredibar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Vittalia\AxtanInstaller (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Wow6432Node\IB Updater (PUP.Optional.Incredibar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd (PUP.Optional.Incredibar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {8A7B39D8-6965-11E2-9F3D-50465D6845CD} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 5
C:\Users\Crackhead\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Crackhead\AppData\Roaming\OpenCandy\B31BC3D7813F4B6AAA49BC7EBA4526C3 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Crackhead\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297265 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 9
C:\Users\Crackhead\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Crackhead\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297265\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297265\CT3297265.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297265\initData.json (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297265\manifest.json (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297265\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Crackhead\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Vorgang 4
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.04.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Crackhead :: CRACKHEAD-PC [Administrator]

26.04.2014 08:22:33
mbam-log-2014-04-26 (08-22-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223818
Laufzeit: 2 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Habe während ich die Exe gezogen habe, kein Antivir programm installiert gehabt.

Habe danach gleich die Testversion von Kasperky geladen, da ich zum ersten mal so etwas habe.

Habe dann die Kasperksy Version 14.0.0.4651 (b) darüber laufen lassen.
Eine Bedrohung hatte ich Trojan-Proxy.Win32.lethic.brl.

Wurde laut Kasperky neutralisiert.

Was soll ich nun tun?


Habe keinerlei Log ins in Email accounts oder Banking seit den Vorfall vorgenommen.
Passwörter sind bei mir im Browser auch nicht gespeichert, bis auf ein paar unwichtigen Websides. Also nichts was mit Banking zu tun hat oder so etwas.

Was soll ich denn nun tun?

Polizei rufen, Bank anrufen?

Grüße

Geändert von Problemtyp (26.04.2014 um 10:25 Uhr) Grund: Weitere Infos

Alt 26.04.2014, 11:10   #2
Larusso
/// Selecta Jahrusso
 
Bpay Rechnung von Manuel Wagner - Standard

Bpay Rechnung von Manuel Wagner





Ich bräuchte vorher noch einen genaueren Einblick ins System.
Hast du, sagen wir mal, die letzte Woche Online Banking betrieben ? Wenn ja, bitte vorerst sperren lassen. Zeus war/ist auf dem System und kann entweder von der Rechnung.exe geladen worden sein, oder eben schon vorher auf dem System.

Für gewöhnlich schicke ich Leute, die hier ohne installiertes AVP mit solch einer Infektion auftauchen zum Formatieren. Nicht, weil man es nicht bereinigen könnte sondern mehr als Lerneffekt.


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 26.04.2014, 13:24   #3
Problemtyp
 
Bpay Rechnung von Manuel Wagner - Standard

Bpay Rechnung von Manuel Wagner



Okay super danke.

Onlinebanking ist gesperrt. Sowohl Pin als auch Tan wurde gesperrt. Da kann jetzt keiner mehr ran. Habe mir heute neue Auszüge geholt, es hat sich bisher nichts verändert. Morgen sehe ich noch einmal nach, da man Buchungen bis Montag 17 Uhr rückgängig machen kann.

Ich weiß, das ich kein AVP hatte, ist nicht gerade vorteilhaft von mir.

So ich habe die 64 Bit version heruntergeladen und habe das Programm gestartet.

Keine Kästchen verändert und Scan gedrückt.

FRST.txt:
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2014 01
Ran by Crackhead (administrator) on CRACKHEAD-PC on 26-04-2014 13:19:32
Running from C:\Users\Crackhead\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Users\Crackhead\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2012-12-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-01-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3031499233-3451666306-1332744430-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-3031499233-3451666306-1332744430-1000\...\Run: [Facebook Update] => C:\Users\Crackhead\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-23] (Facebook Inc.)
HKU\S-1-5-21-3031499233-3451666306-1332744430-1000\...\Run: [Google Update] => C:\Users\Crackhead\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-01] (Google Inc.)
HKU\S-1-5-21-3031499233-3451666306-1332744430-1000\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3031499233-3451666306-1332744430-1000\...\Run: [Udxoryysna] => "C:\Users\Crackhead\AppData\Roaming\Ucuqge\xeiwo.exe"
HKU\S-1-5-21-3031499233-3451666306-1332744430-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3031499233-3451666306-1332744430-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3031499233-3451666306-1332744430-1000\...\MountPoints2: {43f743a3-fe48-11d5-9f70-806e6f6e6963} - F:\SETUP.EXE
HKU\S-1-5-21-3031499233-3451666306-1332744430-1000\...\MountPoints2: {af751ae0-819d-11e2-9f63-50465d6845cd} - G:\setup\rsrc\Autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.3.1.22
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x53CFB7E21EE6CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.3.1.22
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = hxxp://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchScopes: HKLM-x32 - DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
SearchScopes: HKLM-x32 - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
SearchScopes: HKCU - DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=28E050465D6845CD&affID=121565&tsp=5003
SearchScopes: HKCU - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQXbA0S1r&i=26
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DNS Error Helper - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Crackhead\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Crackhead\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Crackhead\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-04-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-04-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-04-25]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-04-25]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-04-25]

Chrome: 
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=28E050465D6845CD&affID=121565&tsp=5003
CHR Plugin: (Shockwave Flash) - C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\npbrowserext.dll No File
CHR Plugin: (Free Studio) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Crackhead\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Crackhead\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-01]
CHR Extension: (YouTube) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-01]
CHR Extension: (Google-Suche) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-01]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-26]
CHR Extension: (AdBlock) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-01]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-04-26]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-04-26]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-05-13]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-26]
CHR Extension: (Google Wallet) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-01]
CHR Extension: (Anti-Banner) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-04-26]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2014-04-26]
CHR HKCU\...\Chrome\Extension: [hkoahcaobjbihehldfimhblmhgalcipm] - C:\Users\Crackhead\AppData\Local\CRE\hkoahcaobjbihehldfimhblmhgalcipm.crx [2013-06-02]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-02-22]
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Crackhead\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [gaffpnfojcdkcdimoobneboagdnnenbo] - C:\Users\Crackhead\AppData\Roaming\DNSHelper Chrome\DNSHelper.crx [2013-02-01]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hkoahcaobjbihehldfimhblmhgalcipm] - C:\Users\Crackhead\AppData\Local\CRE\hkoahcaobjbihehldfimhblmhgalcipm.crx [2013-06-02]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 AddonsHelper; C:\Users\Crackhead\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [865792 2013-02-01] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-01-29] (Advanced Micro Devices, Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-02-28] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-17] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620640 2013-10-17] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178784 2013-06-06] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-26 13:19 - 2014-04-26 13:19 - 00024452 _____ () C:\Users\Crackhead\Desktop\FRST.txt
2014-04-26 13:18 - 2014-04-26 13:18 - 02061824 _____ (Farbar) C:\Users\Crackhead\Desktop\FRST64.exe
2014-04-26 13:17 - 2014-04-26 13:18 - 02061824 _____ (Farbar) C:\Users\Crackhead\Downloads\FRST64.exe
2014-04-26 07:33 - 2014-04-26 07:33 - 00262144 _____ () C:\Windows\system32\config\elam
2014-04-25 23:46 - 2014-04-25 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-04-25 23:46 - 2014-04-25 23:45 - 00001126 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-04-25 23:45 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-04-25 23:44 - 2014-04-26 13:14 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-25 23:44 - 2014-04-25 23:44 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-04-25 23:44 - 2014-04-25 23:44 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-25 23:43 - 2013-10-17 15:47 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-04-25 23:43 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-04-25 22:40 - 2014-04-25 23:39 - 257813336 _____ () C:\Users\Crackhead\Downloads\kis14.0.0.4651de-de.exe
2014-04-18 22:40 - 2014-04-18 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-18 22:40 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-18 22:40 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-18 22:40 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-18 22:40 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-18 22:35 - 2014-04-18 22:40 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 12:26 - 2014-04-18 12:26 - 00376288 _____ () C:\Users\Crackhead\Downloads\MediaPlayerClassic.exe
2014-04-12 20:52 - 2014-04-12 20:52 - 00004096 _____ () C:\Windows\d3dx.dat

==================== One Month Modified Files and Folders =======

2014-04-26 13:20 - 2014-04-26 13:19 - 00024452 _____ () C:\Users\Crackhead\Desktop\FRST.txt
2014-04-26 13:20 - 2009-07-14 06:45 - 00014384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-26 13:20 - 2009-07-14 06:45 - 00014384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-26 13:19 - 2014-01-29 19:55 - 00000000 ____D () C:\FRST
2014-04-26 13:19 - 2012-12-30 03:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-26 13:18 - 2014-04-26 13:18 - 02061824 _____ (Farbar) C:\Users\Crackhead\Desktop\FRST64.exe
2014-04-26 13:18 - 2014-04-26 13:17 - 02061824 _____ (Farbar) C:\Users\Crackhead\Downloads\FRST64.exe
2014-04-26 13:16 - 2013-01-02 14:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-26 13:14 - 2014-04-25 23:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-26 13:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-26 13:14 - 2009-07-14 06:51 - 00147029 _____ () C:\Windows\setupact.log
2014-04-26 10:01 - 2013-02-01 17:54 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000UA.job
2014-04-26 10:01 - 2013-02-01 17:54 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000Core.job
2014-04-26 08:11 - 2013-01-23 21:06 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000UA.job
2014-04-26 07:40 - 2013-01-03 15:01 - 00723234 _____ () C:\Windows\PFRO.log
2014-04-26 07:33 - 2014-04-26 07:33 - 00262144 _____ () C:\Windows\system32\config\elam
2014-04-25 23:46 - 2014-04-25 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-04-25 23:45 - 2014-04-25 23:46 - 00001126 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-04-25 23:44 - 2014-04-25 23:44 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-04-25 23:44 - 2014-04-25 23:44 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-25 23:39 - 2014-04-25 22:40 - 257813336 _____ () C:\Users\Crackhead\Downloads\kis14.0.0.4651de-de.exe
2014-04-25 17:27 - 2013-02-18 23:07 - 01595392 ___SH () C:\Users\Crackhead\Desktop\Thumbs.db
2014-04-18 22:40 - 2014-04-18 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-18 22:40 - 2014-04-18 22:35 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 22:40 - 2013-10-28 10:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-18 22:40 - 2013-10-28 09:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-18 22:33 - 2012-12-30 16:59 - 00326654 _____ () C:\Windows\DirectX.log
2014-04-18 12:26 - 2014-04-18 12:26 - 00376288 _____ () C:\Users\Crackhead\Downloads\MediaPlayerClassic.exe
2014-04-15 15:35 - 2009-07-14 19:58 - 00654150 _____ () C:\Windows\system32\perfh007.dat
2014-04-15 15:35 - 2009-07-14 19:58 - 00130022 _____ () C:\Windows\system32\perfc007.dat
2014-04-15 15:35 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 20:13 - 2014-04-18 22:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-18 22:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-18 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-18 22:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-12 20:52 - 2014-04-12 20:52 - 00004096 _____ () C:\Windows\d3dx.dat
2014-04-12 20:11 - 2013-01-23 21:06 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000Core.job
2014-04-05 09:56 - 2013-02-01 17:54 - 00004118 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000UA
2014-04-05 09:56 - 2013-02-01 17:54 - 00003722 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000Core

Some content of TEMP:
====================
C:\Users\Crackhead\AppData\Local\Temp\comver.dll
C:\Users\Crackhead\AppData\Local\Temp\DivXSetup.exe
C:\Users\Crackhead\AppData\Local\Temp\dlLogic.exe
C:\Users\Crackhead\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Crackhead\AppData\Local\Temp\drm_dyndata_7370007.dll
C:\Users\Crackhead\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Crackhead\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Crackhead\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Crackhead\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Crackhead\AppData\Local\Temp\installerdll5395247.dll
C:\Users\Crackhead\AppData\Local\Temp\installerdll5408398.dll
C:\Users\Crackhead\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Crackhead\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Crackhead\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Crackhead\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Crackhead\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Crackhead\AppData\Local\Temp\msi32838.exe
C:\Users\Crackhead\AppData\Local\Temp\msi50918.exe
C:\Users\Crackhead\AppData\Local\Temp\ose00000.exe
C:\Users\Crackhead\AppData\Local\Temp\rootsupd.exe
C:\Users\Crackhead\AppData\Local\Temp\Setup.exe
C:\Users\Crackhead\AppData\Local\Temp\SetupWordToPDF_237.exe
C:\Users\Crackhead\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Crackhead\AppData\Local\Temp\sfextra.dll
C:\Users\Crackhead\AppData\Local\Temp\SHSetup.exe
C:\Users\Crackhead\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Crackhead\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Crackhead\AppData\Local\Temp\sonarinst.exe
C:\Users\Crackhead\AppData\Local\Temp\tbDivX.dll
C:\Users\Crackhead\AppData\Local\Temp\Tsu096E7D05.dll
C:\Users\Crackhead\AppData\Local\Temp\uninst1.exe
C:\Users\Crackhead\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Crackhead\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Crackhead\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Crackhead\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-12 20:43

==================== End Of Log ============================
         
--- --- ---

--- --- ---


/Edit: Wo finde ich denn die addition.txt wenn ich fragen darf?

Ps. danke für die Hilfe. Das hilft mir echt weiter.
__________________

Geändert von Problemtyp (26.04.2014 um 13:28 Uhr) Grund: Eine weitere frage und ein Dankeschön.

Alt 26.04.2014, 15:49   #4
Larusso
/// Selecta Jahrusso
 
Bpay Rechnung von Manuel Wagner - Standard

Bpay Rechnung von Manuel Wagner



Hy und sorry für die Verspätung.
Musste mich den ganzen Tag mit der Post streiten, da ein Paket heute ankommen hätte müssen aber die das mit der Samstagszustellung verkackt haben
( Hat hiermit nichts zu tun musste ich aber mal wen sagen )


Ich sehe da immer noch suspekte Einträge und brauche dafür eine genauere Analyse.
Die addtions.txt wurde tatsächlich nicht erstellt. FRST früher einmal benutzt ?


Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 26.04.2014, 17:32   #5
Problemtyp
 
Bpay Rechnung von Manuel Wagner - Standard

Bpay Rechnung von Manuel Wagner



So habe das Programm heruntergeladen und habe hier den Bericht.

17:24:38.0836 0x0c6c TDSS rootkit removing tool 3.0.0.33 Apr 24 2014 14:02:50
17:24:42.0247 0x0c6c ============================================================
17:24:42.0248 0x0c6c Current date / time: 2014/04/26 17:24:42.0247
17:24:42.0248 0x0c6c SystemInfo:
17:24:42.0248 0x0c6c
17:24:42.0248 0x0c6c OS Version: 6.1.7601 ServicePack: 1.0
17:24:42.0248 0x0c6c Product type: Workstation
17:24:42.0248 0x0c6c ComputerName: CRACKHEAD-PC
17:24:42.0248 0x0c6c UserName: Crackhead
17:24:42.0248 0x0c6c Windows directory: C:\Windows
17:24:42.0248 0x0c6c System windows directory: C:\Windows
17:24:42.0248 0x0c6c Running under WOW64
17:24:42.0249 0x0c6c Processor architecture: Intel x64
17:24:42.0249 0x0c6c Number of processors: 4
17:24:42.0249 0x0c6c Page size: 0x1000
17:24:42.0249 0x0c6c Boot type: Normal boot
17:24:42.0249 0x0c6c ============================================================
17:24:46.0986 0x0c6c KLMD registered as C:\Windows\system32\drivers\64786457.sys
17:24:47.0178 0x0c6c System UUID: {85B5A9A3-8313-84CC-CC4A-27723229CBFF}
17:24:47.0752 0x0c6c Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:24:47.0777 0x0c6c ============================================================
17:24:47.0777 0x0c6c \Device\Harddisk0\DR0:
17:24:47.0777 0x0c6c MBR partitions:
17:24:47.0777 0x0c6c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x72BB474B
17:24:47.0777 0x0c6c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72BB478A, BlocksNum 0x1B51237
17:24:47.0777 0x0c6c ============================================================
17:24:47.0803 0x0c6c C: <-> \Device\Harddisk0\DR0\Partition1
17:24:47.0857 0x0c6c D: <-> \Device\Harddisk0\DR0\Partition2
17:24:47.0857 0x0c6c ============================================================
17:24:47.0857 0x0c6c Initialize success
17:24:47.0857 0x0c6c ============================================================
17:25:59.0200 0x0d68 ============================================================
17:25:59.0200 0x0d68 Scan started
17:25:59.0200 0x0d68 Mode: Manual; SigCheck; TDLFS;
17:25:59.0200 0x0d68 ============================================================
17:25:59.0200 0x0d68 KSN ping started
17:26:01.0743 0x0d68 KSN ping finished: true
17:26:03.0147 0x0d68 ================ Scan system memory ========================
17:26:03.0147 0x0d68 System memory - ok
17:26:03.0147 0x0d68 ================ Scan services =============================
17:26:03.0412 0x0d68 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:26:03.0693 0x0d68 1394ohci - ok
17:26:03.0771 0x0d68 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:26:03.0818 0x0d68 ACPI - ok
17:26:03.0833 0x0d68 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:26:03.0958 0x0d68 AcpiPmi - ok
17:26:04.0176 0x0d68 [ DD01BD9FBD73D67ECDD7BDEBB9D1ED23, 4943CC446B975140FF0642F2AC5123B460B253E94DF6832DEC3D8B848B300E9A ] AddonsHelper C:\Users\Crackhead\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
17:26:04.0223 0x0d68 AddonsHelper - detected UnsignedFile.Multi.Generic ( 1 )
17:26:04.0286 0x0d68 AddonsHelper ( UnsignedFile.Multi.Generic ) - warning
17:26:06.0891 0x0d68 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:26:06.0938 0x0d68 AdobeARMservice - ok
17:26:07.0094 0x0d68 [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:26:07.0140 0x0d68 AdobeFlashPlayerUpdateSvc - ok
17:26:07.0218 0x0d68 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:26:07.0250 0x0d68 adp94xx - ok
17:26:07.0312 0x0d68 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:26:07.0359 0x0d68 adpahci - ok
17:26:07.0374 0x0d68 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:26:07.0390 0x0d68 adpu320 - ok
17:26:07.0437 0x0d68 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:26:07.0624 0x0d68 AeLookupSvc - ok
17:26:07.0686 0x0d68 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
17:26:07.0811 0x0d68 AFD - ok
17:26:07.0858 0x0d68 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
17:26:07.0905 0x0d68 agp440 - ok
17:26:07.0920 0x0d68 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
17:26:08.0014 0x0d68 ALG - ok
17:26:08.0030 0x0d68 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
17:26:08.0045 0x0d68 aliide - ok
17:26:08.0092 0x0d68 [ 95855EC80321D7629895FD0FACE61204, 04C822D2E6B4F60640E00D20A46DB9D4F6438798E399A7F259E6DF617AC16318 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:26:08.0201 0x0d68 AMD External Events Utility - ok
17:26:08.0279 0x0d68 AMD FUEL Service - ok
17:26:08.0310 0x0d68 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
17:26:08.0342 0x0d68 amdide - ok
17:26:08.0404 0x0d68 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:26:08.0513 0x0d68 AmdK8 - ok
17:26:08.0888 0x0d68 [ F5795A186919503816627A2B2A8F5DF1, 1C2CCB7877B9749E2BE6701F8092AE2C197E1DA095061B044470FD47F225C2C4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:26:09.0356 0x0d68 amdkmdag - ok
17:26:09.0418 0x0d68 [ 1A67E9C07CBF3A1CA1AF6F15D95D2F70, 244FB4908B114BDEBFC8366602C4191901AF12AAB3C74FACCCB6E789022A108F ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:26:09.0480 0x0d68 amdkmdap - ok
17:26:09.0527 0x0d68 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:26:09.0590 0x0d68 AmdPPM - ok
17:26:09.0652 0x0d68 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:26:09.0668 0x0d68 amdsata - ok
17:26:09.0714 0x0d68 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:26:09.0777 0x0d68 amdsbs - ok
17:26:09.0808 0x0d68 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:26:09.0824 0x0d68 amdxata - ok
17:26:09.0870 0x0d68 [ 5A528A540B1AEE8B1C77ED65094E8CDF, 6E3DE68E630B81425056AB58E64721DD41F56491DD2D281CBB86AA7EF9CAD0E0 ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
17:26:09.0886 0x0d68 AODDriver4.2 - ok
17:26:09.0933 0x0d68 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
17:26:10.0136 0x0d68 AppID - ok
17:26:10.0182 0x0d68 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:26:10.0276 0x0d68 AppIDSvc - ok
17:26:10.0338 0x0d68 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
17:26:10.0448 0x0d68 Appinfo - ok
17:26:10.0510 0x0d68 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
17:26:10.0588 0x0d68 AppMgmt - ok
17:26:10.0650 0x0d68 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
17:26:10.0666 0x0d68 arc - ok
17:26:10.0682 0x0d68 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:26:10.0697 0x0d68 arcsas - ok
17:26:10.0791 0x0d68 [ A82C01606DC27D05D9D3BFB6BB807E32, CE231637422709D927FB6FA0C4F2215B9C0E3EBBD951FB2FA97B8E64DA479B96 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
17:26:10.0822 0x0d68 AsIO - ok
17:26:10.0947 0x0d68 [ 798A87B2D7AD73B16B7CD968C5D1F18F, A2C1567D7BCF1280FDD827D25D4996FB55B3F2983C300BB91F3A96A3A8603446 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
17:26:10.0994 0x0d68 AsSysCtrlService - detected UnsignedFile.Multi.Generic ( 1 )
17:26:10.0994 0x0d68 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
17:26:13.0521 0x0d68 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:26:13.0614 0x0d68 AsyncMac - ok
17:26:13.0661 0x0d68 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
17:26:13.0692 0x0d68 atapi - ok
17:26:13.0724 0x0d68 [ 437F55435623D4D54D36197F5AD8B435, CE004F1E3299E39AFD70C8618253901614C0F3DBD594B6F0E1BA294C7B47FAD6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
17:26:13.0802 0x0d68 AtiHDAudioService - ok
17:26:13.0848 0x0d68 [ C07A040D6B5A42DD41EE386CF90974C8, 8D47815F99C79B795504C3172B5FBBDBA6AFACC004B17AA3954A06BE713FACAE ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
17:26:13.0880 0x0d68 AtiPcie - ok
17:26:13.0926 0x0d68 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:26:14.0114 0x0d68 AudioEndpointBuilder - ok
17:26:14.0145 0x0d68 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:26:14.0176 0x0d68 AudioSrv - ok
17:26:14.0519 0x0d68 [ 0D2F8F4055903A762AD46204E5A42E86, D3270039E4F066C69D844060388D3F895137C37C0FBE4C106BE1C71AE9DBC17A ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
17:26:14.0550 0x0d68 AVP - ok
17:26:14.0566 0x0d68 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:26:14.0675 0x0d68 AxInstSV - ok
17:26:14.0753 0x0d68 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:26:14.0847 0x0d68 b06bdrv - ok
17:26:14.0925 0x0d68 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:26:15.0018 0x0d68 b57nd60a - ok
17:26:15.0065 0x0d68 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
17:26:15.0159 0x0d68 BDESVC - ok
17:26:15.0190 0x0d68 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
17:26:15.0284 0x0d68 Beep - ok
17:26:15.0377 0x0d68 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
17:26:15.0440 0x0d68 BFE - ok
17:26:15.0486 0x0d68 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
17:26:15.0580 0x0d68 BITS - ok
17:26:15.0627 0x0d68 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:26:15.0658 0x0d68 blbdrive - ok
17:26:15.0767 0x0d68 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:26:15.0814 0x0d68 Bonjour Service - ok
17:26:15.0845 0x0d68 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:26:15.0939 0x0d68 bowser - ok
17:26:15.0970 0x0d68 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:26:16.0079 0x0d68 BrFiltLo - ok
17:26:16.0110 0x0d68 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:26:16.0126 0x0d68 BrFiltUp - ok
17:26:16.0157 0x0d68 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
17:26:16.0204 0x0d68 Browser - ok
17:26:16.0235 0x0d68 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:26:16.0344 0x0d68 Brserid - ok
17:26:16.0360 0x0d68 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:26:16.0407 0x0d68 BrSerWdm - ok
17:26:16.0438 0x0d68 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:26:16.0500 0x0d68 BrUsbMdm - ok
17:26:16.0547 0x0d68 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:26:16.0578 0x0d68 BrUsbSer - ok
17:26:16.0610 0x0d68 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:26:16.0641 0x0d68 BTHMODEM - ok
17:26:16.0735 0x0d68 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
17:26:16.0828 0x0d68 bthserv - ok
17:26:16.0859 0x0d68 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:26:16.0906 0x0d68 cdfs - ok
17:26:16.0937 0x0d68 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:26:17.0015 0x0d68 cdrom - ok
17:26:17.0078 0x0d68 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
17:26:17.0156 0x0d68 CertPropSvc - ok
17:26:17.0234 0x0d68 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:26:17.0296 0x0d68 circlass - ok
17:26:17.0359 0x0d68 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
17:26:17.0390 0x0d68 CLFS - ok
17:26:17.0499 0x0d68 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:26:17.0530 0x0d68 clr_optimization_v2.0.50727_32 - ok
17:26:17.0608 0x0d68 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:26:17.0639 0x0d68 clr_optimization_v2.0.50727_64 - ok
17:26:17.0749 0x0d68 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:26:17.0842 0x0d68 clr_optimization_v4.0.30319_32 - ok
17:26:17.0889 0x0d68 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:26:17.0920 0x0d68 clr_optimization_v4.0.30319_64 - ok
17:26:17.0936 0x0d68 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:26:17.0983 0x0d68 CmBatt - ok
17:26:18.0029 0x0d68 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:26:18.0061 0x0d68 cmdide - ok
17:26:18.0123 0x0d68 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
17:26:18.0170 0x0d68 CNG - ok
17:26:18.0201 0x0d68 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:26:18.0201 0x0d68 Compbatt - ok
17:26:18.0232 0x0d68 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:26:18.0279 0x0d68 CompositeBus - ok
17:26:18.0326 0x0d68 COMSysApp - ok
17:26:18.0357 0x0d68 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:26:18.0497 0x0d68 crcdisk - ok
17:26:18.0607 0x0d68 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:26:18.0731 0x0d68 CryptSvc - ok
17:26:18.0965 0x0d68 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
17:26:19.0012 0x0d68 CSC - ok
17:26:19.0059 0x0d68 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
17:26:19.0121 0x0d68 CscService - ok
17:26:19.0184 0x0d68 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:26:19.0246 0x0d68 DcomLaunch - ok
17:26:19.0324 0x0d68 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
17:26:19.0465 0x0d68 defragsvc - ok
17:26:19.0496 0x0d68 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:26:19.0605 0x0d68 DfsC - ok
17:26:19.0683 0x0d68 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:26:19.0792 0x0d68 Dhcp - ok
17:26:19.0855 0x0d68 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
17:26:19.0948 0x0d68 discache - ok
17:26:19.0995 0x0d68 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:26:20.0026 0x0d68 Disk - ok
17:26:20.0073 0x0d68 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:26:20.0167 0x0d68 Dnscache - ok
17:26:20.0213 0x0d68 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
17:26:20.0307 0x0d68 dot3svc - ok
17:26:20.0385 0x0d68 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
17:26:20.0479 0x0d68 DPS - ok
17:26:20.0525 0x0d68 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:26:20.0619 0x0d68 drmkaud - ok
17:26:20.0697 0x0d68 [ 9F98D7AFA293947A0DFC6FFD4671FE70, 3A5C706D5E5045571D717638C3B5D60C33E9B00F7C75208059CE366185F517D7 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:26:20.0713 0x0d68 dtsoftbus01 - ok
17:26:20.0791 0x0d68 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:26:20.0822 0x0d68 DXGKrnl - ok
17:26:20.0884 0x0d68 [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD, 967829CE37158020F6026C588260FCFC6F9852DDDACD622FAF7AB75121DF5B3D ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
17:26:20.0962 0x0d68 E1G60 - ok
17:26:21.0056 0x0d68 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
17:26:21.0149 0x0d68 EapHost - ok
17:26:21.0290 0x0d68 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:26:21.0493 0x0d68 ebdrv - ok
17:26:21.0539 0x0d68 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
17:26:21.0664 0x0d68 EFS - ok
17:26:21.0805 0x0d68 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:26:22.0039 0x0d68 ehRecvr - ok
17:26:22.0085 0x0d68 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
17:26:22.0226 0x0d68 ehSched - ok
17:26:22.0444 0x0d68 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:26:22.0460 0x0d68 elxstor - ok
17:26:22.0491 0x0d68 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:26:22.0553 0x0d68 ErrDev - ok
17:26:22.0647 0x0d68 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
17:26:22.0725 0x0d68 EventSystem - ok
17:26:22.0756 0x0d68 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
17:26:22.0819 0x0d68 exfat - ok
17:26:23.0053 0x0d68 Fabs - ok
17:26:23.0099 0x0d68 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:26:23.0224 0x0d68 fastfat - ok
17:26:23.0302 0x0d68 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
17:26:23.0365 0x0d68 Fax - ok
17:26:23.0380 0x0d68 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:26:23.0396 0x0d68 fdc - ok
17:26:23.0458 0x0d68 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
17:26:23.0552 0x0d68 fdPHost - ok
17:26:23.0583 0x0d68 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
17:26:23.0661 0x0d68 FDResPub - ok
17:26:23.0692 0x0d68 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:26:23.0708 0x0d68 FileInfo - ok
17:26:23.0723 0x0d68 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:26:23.0801 0x0d68 Filetrace - ok
17:26:24.0035 0x0d68 [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
17:26:24.0207 0x0d68 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )
17:26:24.0207 0x0d68 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
17:26:26.0750 0x0d68 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:26:26.0797 0x0d68 flpydisk - ok
17:26:26.0843 0x0d68 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:26:26.0875 0x0d68 FltMgr - ok
17:26:26.0953 0x0d68 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
17:26:27.0046 0x0d68 FontCache - ok
17:26:27.0093 0x0d68 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:26:27.0140 0x0d68 FontCache3.0.0.0 - ok
17:26:27.0155 0x0d68 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:26:27.0171 0x0d68 FsDepends - ok
17:26:27.0202 0x0d68 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:26:27.0202 0x0d68 Fs_Rec - ok
17:26:27.0311 0x0d68 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:26:27.0374 0x0d68 fvevol - ok
17:26:27.0405 0x0d68 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:26:27.0436 0x0d68 gagp30kx - ok
17:26:27.0483 0x0d68 [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:26:27.0514 0x0d68 GEARAspiWDM - ok
17:26:27.0545 0x0d68 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
17:26:27.0639 0x0d68 gpsvc - ok
17:26:27.0670 0x0d68 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:26:27.0748 0x0d68 hcw85cir - ok
17:26:27.0811 0x0d68 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:26:27.0904 0x0d68 HdAudAddService - ok
17:26:27.0951 0x0d68 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:26:28.0029 0x0d68 HDAudBus - ok
17:26:28.0060 0x0d68 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:26:28.0107 0x0d68 HidBatt - ok
17:26:28.0138 0x0d68 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:26:28.0216 0x0d68 HidBth - ok
17:26:28.0247 0x0d68 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:26:28.0294 0x0d68 HidIr - ok
17:26:28.0341 0x0d68 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
17:26:28.0403 0x0d68 hidserv - ok
17:26:28.0544 0x0d68 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:26:28.0622 0x0d68 HidUsb - ok
17:26:28.0669 0x0d68 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:26:28.0715 0x0d68 hkmsvc - ok
17:26:28.0762 0x0d68 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:26:28.0793 0x0d68 HomeGroupListener - ok
17:26:28.0825 0x0d68 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:26:28.0903 0x0d68 HomeGroupProvider - ok
17:26:28.0949 0x0d68 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:26:28.0996 0x0d68 HpSAMD - ok
17:26:29.0074 0x0d68 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:26:29.0168 0x0d68 HTTP - ok
17:26:29.0215 0x0d68 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:26:29.0230 0x0d68 hwpolicy - ok
17:26:29.0261 0x0d68 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:26:29.0293 0x0d68 i8042prt - ok
17:26:29.0339 0x0d68 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:26:29.0371 0x0d68 iaStorV - ok
17:26:29.0464 0x0d68 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:26:29.0527 0x0d68 idsvc - ok
17:26:29.0573 0x0d68 IEEtwCollectorService - ok
17:26:29.0636 0x0d68 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:26:29.0667 0x0d68 iirsp - ok
17:26:29.0745 0x0d68 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
17:26:29.0823 0x0d68 IKEEXT - ok
17:26:30.0073 0x0d68 [ 150AC23F21DBDBF8488408BA944B0D65, 77A3A0FB5208AA061224CFACC4D136A260132CC4BA01D105AE1532B749968708 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:26:30.0182 0x0d68 IntcAzAudAddService - ok
17:26:30.0197 0x0d68 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
17:26:30.0213 0x0d68 intelide - ok
17:26:30.0244 0x0d68 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:26:30.0291 0x0d68 intelppm - ok
17:26:30.0353 0x0d68 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:26:30.0463 0x0d68 IPBusEnum - ok
17:26:30.0525 0x0d68 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:26:30.0619 0x0d68 IpFilterDriver - ok
17:26:30.0697 0x0d68 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:26:30.0821 0x0d68 iphlpsvc - ok
17:26:30.0853 0x0d68 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:26:30.0884 0x0d68 IPMIDRV - ok
17:26:30.0899 0x0d68 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:26:30.0977 0x0d68 IPNAT - ok
17:26:31.0071 0x0d68 [ 4EFFC8FF6D349E971E94B1C670C0C66A, E92DA19CE9725BB4CC34DF94873C6B441AE61679A8C615780E1A1E9404C8FA26 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:26:31.0180 0x0d68 iPod Service - ok
17:26:31.0227 0x0d68 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:26:31.0399 0x0d68 IRENUM - ok
17:26:31.0430 0x0d68 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:26:31.0445 0x0d68 isapnp - ok
17:26:31.0492 0x0d68 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:26:31.0523 0x0d68 iScsiPrt - ok
17:26:31.0601 0x0d68 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:26:31.0633 0x0d68 kbdclass - ok
17:26:31.0664 0x0d68 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:26:31.0726 0x0d68 kbdhid - ok
17:26:31.0773 0x0d68 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
17:26:31.0804 0x0d68 KeyIso - ok
17:26:32.0132 0x0d68 [ 1C6256096A341051509D36AD724830BE, 025F7E1E979DC8C4794FC7D3581D6BCF6E0F6DC327C6FCB925B6A8EDBE999A68 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
17:26:32.0413 0x0d68 kl1 - ok
17:26:32.0506 0x0d68 [ 3EC077D42C42DEEBF8F6B44C51E91C5B, E797B257E7549374DD4108795CFF88B629664DD49EE4503E824EE36DBDDB25BA ] klflt C:\Windows\system32\DRIVERS\klflt.sys
17:26:32.0537 0x0d68 klflt - ok
17:26:32.0631 0x0d68 [ 732791C05B3114FE3FBB24A91F874E7F, 9EB1A266B1735925469ABA9499DC2D42F4617B7013B2ECC3EE7D0EEF120401E0 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
17:26:32.0662 0x0d68 KLIF - ok
17:26:32.0740 0x0d68 [ 31B69BFF28348503E4BD10C2A4F66D05, 891318C2DDF85E43DFCEE73717AEFCE79BC3DCD83FCD58E6F794AB6BF1739688 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
17:26:32.0756 0x0d68 KLIM6 - ok
17:26:32.0787 0x0d68 [ AEB50941C6D67128B14F88DB9917C4E0, 2ACE46665DE298CC197660A442A3172B1FB460A40BD18AECEA786ACB011FDA43 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
17:26:32.0803 0x0d68 klkbdflt - ok
17:26:32.0834 0x0d68 [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
17:26:32.0865 0x0d68 klmouflt - ok
17:26:32.0881 0x0d68 [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd C:\Windows\system32\DRIVERS\klpd.sys
17:26:32.0896 0x0d68 klpd - ok
17:26:32.0943 0x0d68 [ 4828B3D2BC89B05E07101C6E60CE0A6A, C2D40EA03A526286AEDF27DE80CB0576EB59EB7581C9E9ECFCB867349593D7CE ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
17:26:32.0959 0x0d68 kltdi - ok
17:26:33.0005 0x0d68 [ 2AF60665EA74C45F458C39C34B2D7D59, BEA6EFCAC76197F0C423055DBCB1BA2CB87F8BD3D103632C571BD2FE5936224C ] kneps C:\Windows\system32\DRIVERS\kneps.sys
17:26:33.0037 0x0d68 kneps - ok
17:26:33.0052 0x0d68 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:26:33.0068 0x0d68 KSecDD - ok
17:26:33.0083 0x0d68 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:26:33.0099 0x0d68 KSecPkg - ok
17:26:33.0146 0x0d68 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:26:33.0239 0x0d68 ksthunk - ok
17:26:33.0302 0x0d68 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
17:26:33.0380 0x0d68 KtmRm - ok
17:26:33.0458 0x0d68 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:26:33.0598 0x0d68 LanmanServer - ok
17:26:33.0661 0x0d68 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:26:33.0754 0x0d68 LanmanWorkstation - ok
17:26:33.0785 0x0d68 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:26:33.0817 0x0d68 lltdio - ok
17:26:33.0863 0x0d68 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:26:33.0926 0x0d68 lltdsvc - ok
17:26:33.0957 0x0d68 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:26:33.0973 0x0d68 lmhosts - ok
17:26:34.0019 0x0d68 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:26:34.0035 0x0d68 LSI_FC - ok
17:26:34.0051 0x0d68 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:26:34.0051 0x0d68 LSI_SAS - ok
17:26:34.0082 0x0d68 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:26:34.0082 0x0d68 LSI_SAS2 - ok
17:26:34.0097 0x0d68 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:26:34.0113 0x0d68 LSI_SCSI - ok
17:26:34.0144 0x0d68 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
17:26:34.0207 0x0d68 luafv - ok
17:26:34.0253 0x0d68 [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:26:34.0285 0x0d68 MBAMProtector - ok
17:26:34.0347 0x0d68 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:26:34.0378 0x0d68 MBAMScheduler - ok
17:26:34.0519 0x0d68 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:26:34.0550 0x0d68 MBAMService - ok
17:26:34.0597 0x0d68 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:26:34.0643 0x0d68 Mcx2Svc - ok
17:26:34.0675 0x0d68 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:26:34.0690 0x0d68 megasas - ok
17:26:34.0784 0x0d68 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:26:34.0846 0x0d68 MegaSR - ok
17:26:34.0893 0x0d68 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
17:26:34.0987 0x0d68 MMCSS - ok
17:26:35.0018 0x0d68 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
17:26:35.0096 0x0d68 Modem - ok
17:26:35.0127 0x0d68 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:26:35.0189 0x0d68 monitor - ok
17:26:35.0252 0x0d68 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:26:35.0283 0x0d68 mouclass - ok
17:26:35.0314 0x0d68 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:26:35.0377 0x0d68 mouhid - ok
17:26:35.0423 0x0d68 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:26:35.0470 0x0d68 mountmgr - ok
17:26:35.0501 0x0d68 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
17:26:35.0533 0x0d68 mpio - ok
17:26:35.0564 0x0d68 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:26:35.0595 0x0d68 mpsdrv - ok
17:26:35.0657 0x0d68 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:26:35.0735 0x0d68 MpsSvc - ok
17:26:35.0798 0x0d68 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:26:35.0891 0x0d68 MRxDAV - ok
17:26:35.0938 0x0d68 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:26:36.0032 0x0d68 mrxsmb - ok
17:26:36.0063 0x0d68 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:26:36.0110 0x0d68 mrxsmb10 - ok
17:26:36.0110 0x0d68 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:26:36.0125 0x0d68 mrxsmb20 - ok
17:26:36.0157 0x0d68 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
17:26:36.0172 0x0d68 msahci - ok
17:26:36.0188 0x0d68 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:26:36.0203 0x0d68 msdsm - ok
17:26:36.0219 0x0d68 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
17:26:36.0266 0x0d68 MSDTC - ok
17:26:36.0328 0x0d68 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:26:36.0391 0x0d68 Msfs - ok
17:26:36.0406 0x0d68 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:26:36.0484 0x0d68 mshidkmdf - ok
17:26:36.0515 0x0d68 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:26:36.0531 0x0d68 msisadrv - ok
17:26:36.0593 0x0d68 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:26:36.0687 0x0d68 MSiSCSI - ok
17:26:36.0703 0x0d68 msiserver - ok
17:26:36.0734 0x0d68 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:26:36.0812 0x0d68 MSKSSRV - ok
17:26:36.0859 0x0d68 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:26:36.0937 0x0d68 MSPCLOCK - ok
17:26:36.0968 0x0d68 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:26:37.0061 0x0d68 MSPQM - ok
17:26:37.0124 0x0d68 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:26:37.0155 0x0d68 MsRPC - ok
17:26:37.0171 0x0d68 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:26:37.0171 0x0d68 mssmbios - ok
17:26:37.0186 0x0d68 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:26:37.0280 0x0d68 MSTEE - ok
17:26:37.0311 0x0d68 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:26:37.0342 0x0d68 MTConfig - ok
17:26:37.0420 0x0d68 [ 19B006B181E3875FD254F7B67ACF1E7C, 1D68D19522E71F16B8B50F8CCFBC9D884CF2DAC40CC409BD5A40A4D4223ABC61 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
17:26:37.0451 0x0d68 MTsensor - ok
17:26:37.0467 0x0d68 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
17:26:37.0483 0x0d68 Mup - ok
17:26:37.0514 0x0d68 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
17:26:37.0545 0x0d68 napagent - ok
17:26:37.0623 0x0d68 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:26:37.0701 0x0d68 NativeWifiP - ok
17:26:37.0810 0x0d68 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
17:26:37.0857 0x0d68 NDIS - ok
17:26:37.0873 0x0d68 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:26:37.0904 0x0d68 NdisCap - ok
17:26:37.0935 0x0d68 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:26:38.0013 0x0d68 NdisTapi - ok
17:26:38.0075 0x0d68 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:26:38.0122 0x0d68 Ndisuio - ok
17:26:38.0153 0x0d68 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:26:38.0200 0x0d68 NdisWan - ok
17:26:38.0247 0x0d68 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:26:38.0341 0x0d68 NDProxy - ok
17:26:38.0372 0x0d68 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:26:38.0450 0x0d68 NetBIOS - ok
17:26:38.0481 0x0d68 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:26:38.0543 0x0d68 NetBT - ok
17:26:38.0559 0x0d68 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
17:26:38.0559 0x0d68 Netlogon - ok
17:26:38.0621 0x0d68 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
17:26:38.0762 0x0d68 Netman - ok
17:26:38.0809 0x0d68 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
17:26:38.0902 0x0d68 netprofm - ok
17:26:39.0167 0x0d68 [ B72BB9496A126FCFC7FC5945DED9B411, FA5CC4E93761FB2B59B9B34C699B1486560BDB39280AB1125DE42DB7C4BE303A ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
17:26:39.0230 0x0d68 netr28x - ok
17:26:39.0277 0x0d68 [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:26:39.0308 0x0d68 NetTcpPortSharing - ok
17:26:39.0355 0x0d68 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:26:39.0386 0x0d68 nfrd960 - ok
17:26:39.0417 0x0d68 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:26:39.0495 0x0d68 NlaSvc - ok
17:26:39.0542 0x0d68 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:26:39.0604 0x0d68 Npfs - ok
17:26:39.0635 0x0d68 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
17:26:39.0745 0x0d68 nsi - ok
17:26:39.0776 0x0d68 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:26:39.0869 0x0d68 nsiproxy - ok
17:26:39.0979 0x0d68 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:26:40.0041 0x0d68 Ntfs - ok
17:26:40.0057 0x0d68 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
17:26:40.0072 0x0d68 Null - ok
17:26:40.0103 0x0d68 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:26:40.0119 0x0d68 nvraid - ok
17:26:40.0135 0x0d68 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:26:40.0150 0x0d68 nvstor - ok
17:26:40.0197 0x0d68 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:26:40.0213 0x0d68 nv_agp - ok
17:26:40.0244 0x0d68 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:26:40.0275 0x0d68 ohci1394 - ok
17:26:40.0369 0x0d68 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:26:40.0400 0x0d68 ose - ok
17:26:40.0447 0x0d68 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:26:40.0509 0x0d68 p2pimsvc - ok
17:26:40.0587 0x0d68 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
17:26:40.0618 0x0d68 p2psvc - ok
17:26:40.0634 0x0d68 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:26:40.0665 0x0d68 Parport - ok
17:26:40.0712 0x0d68 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:26:40.0712 0x0d68 partmgr - ok
17:26:40.0743 0x0d68 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
17:26:40.0805 0x0d68 PcaSvc - ok
17:26:40.0837 0x0d68 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
17:26:40.0868 0x0d68 pci - ok
17:26:40.0899 0x0d68 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
17:26:40.0915 0x0d68 pciide - ok
17:26:40.0977 0x0d68 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:26:41.0024 0x0d68 pcmcia - ok
17:26:41.0039 0x0d68 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
17:26:41.0039 0x0d68 pcw - ok
17:26:41.0071 0x0d68 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:26:41.0149 0x0d68 PEAUTH - ok
17:26:41.0258 0x0d68 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:26:41.0367 0x0d68 PeerDistSvc - ok
17:26:41.0492 0x0d68 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:26:41.0570 0x0d68 PerfHost - ok
17:26:41.0679 0x0d68 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
17:26:41.0773 0x0d68 pla - ok
17:26:41.0851 0x0d68 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:26:41.0960 0x0d68 PlugPlay - ok
17:26:41.0991 0x0d68 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:26:42.0022 0x0d68 PNRPAutoReg - ok
17:26:42.0069 0x0d68 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:26:42.0100 0x0d68 PNRPsvc - ok
17:26:42.0147 0x0d68 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:26:42.0225 0x0d68 PolicyAgent - ok
17:26:42.0272 0x0d68 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
17:26:42.0350 0x0d68 Power - ok
17:26:42.0397 0x0d68 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:26:42.0490 0x0d68 PptpMiniport - ok
17:26:42.0521 0x0d68 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:26:42.0584 0x0d68 Processor - ok
17:26:42.0646 0x0d68 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
17:26:42.0709 0x0d68 ProfSvc - ok
17:26:42.0724 0x0d68 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:26:42.0740 0x0d68 ProtectedStorage - ok
17:26:42.0771 0x0d68 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:26:42.0849 0x0d68 Psched - ok
17:26:42.0958 0x0d68 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:26:43.0021 0x0d68 ql2300 - ok
17:26:43.0036 0x0d68 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:26:43.0052 0x0d68 ql40xx - ok
17:26:43.0099 0x0d68 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
17:26:43.0130 0x0d68 QWAVE - ok
17:26:43.0145 0x0d68 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:26:43.0161 0x0d68 QWAVEdrv - ok
17:26:43.0192 0x0d68 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:26:43.0270 0x0d68 RasAcd - ok
17:26:43.0348 0x0d68 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:26:43.0411 0x0d68 RasAgileVpn - ok
17:26:43.0426 0x0d68 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
17:26:43.0489 0x0d68 RasAuto - ok
17:26:43.0551 0x0d68 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:26:43.0660 0x0d68 Rasl2tp - ok
17:26:43.0707 0x0d68 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
17:26:43.0801 0x0d68 RasMan - ok
17:26:43.0832 0x0d68 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:26:43.0910 0x0d68 RasPppoe - ok
17:26:43.0957 0x0d68 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:26:44.0035 0x0d68 RasSstp - ok
17:26:44.0066 0x0d68 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:26:44.0191 0x0d68 rdbss - ok
17:26:44.0222 0x0d68 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:26:44.0284 0x0d68 rdpbus - ok
17:26:44.0300 0x0d68 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:26:44.0393 0x0d68 RDPCDD - ok
17:26:44.0456 0x0d68 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:26:44.0534 0x0d68 RDPDR - ok
17:26:44.0565 0x0d68 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:26:44.0643 0x0d68 RDPENCDD - ok
17:26:44.0659 0x0d68 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:26:44.0674 0x0d68 RDPREFMP - ok
17:26:44.0721 0x0d68 [ 70CBA1A0C98600A2AA1863479B35CB90, 91A133297921B4955817176251AFC5283DA3C7D2099700C4C92ECC94DBE9A99E ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:26:44.0815 0x0d68 RdpVideoMiniport - ok
17:26:44.0846 0x0d68 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:26:44.0939 0x0d68 RDPWD - ok
17:26:44.0986 0x0d68 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:26:45.0033 0x0d68 rdyboost - ok
17:26:45.0080 0x0d68 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:26:45.0173 0x0d68 RemoteAccess - ok
17:26:45.0236 0x0d68 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:26:45.0345 0x0d68 RemoteRegistry - ok
17:26:45.0376 0x0d68 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:26:45.0470 0x0d68 RpcEptMapper - ok
17:26:45.0501 0x0d68 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
17:26:45.0563 0x0d68 RpcLocator - ok
17:26:45.0657 0x0d68 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
17:26:45.0704 0x0d68 RpcSs - ok
17:26:45.0751 0x0d68 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:26:45.0813 0x0d68 rspndr - ok
17:26:45.0907 0x0d68 [ 8181B5E7BFC040E0B26349C73E719335, EBB244A7E8E2CDC51041B2C2A78DCB77324F9E3746942C84902FCD928ADED897 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:26:45.0922 0x0d68 RTL8167 - ok
17:26:45.0969 0x0d68 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:26:46.0047 0x0d68 s3cap - ok
17:26:46.0078 0x0d68 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
17:26:46.0094 0x0d68 SamSs - ok
17:26:46.0109 0x0d68 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:26:46.0125 0x0d68 sbp2port - ok
17:26:46.0234 0x0d68 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:26:46.0343 0x0d68 SCardSvr - ok
17:26:46.0375 0x0d68 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:26:46.0484 0x0d68 scfilter - ok
17:26:46.0546 0x0d68 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
17:26:46.0640 0x0d68 Schedule - ok
17:26:46.0687 0x0d68 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:26:46.0733 0x0d68 SCPolicySvc - ok
17:26:46.0843 0x0d68 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:26:46.0936 0x0d68 SDRSVC - ok
17:26:47.0045 0x0d68 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:26:47.0123 0x0d68 secdrv - ok
17:26:47.0170 0x0d68 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
17:26:47.0264 0x0d68 seclogon - ok
17:26:47.0311 0x0d68 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
17:26:47.0404 0x0d68 SENS - ok
17:26:47.0435 0x0d68 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:26:47.0513 0x0d68 SensrSvc - ok
17:26:47.0529 0x0d68 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:26:47.0560 0x0d68 Serenum - ok
17:26:47.0591 0x0d68 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:26:47.0638 0x0d68 Serial - ok
17:26:47.0669 0x0d68 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:26:47.0732 0x0d68 sermouse - ok
17:26:47.0841 0x0d68 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
17:26:47.0966 0x0d68 SessionEnv - ok
17:26:47.0997 0x0d68 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:26:48.0059 0x0d68 sffdisk - ok
17:26:48.0075 0x0d68 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:26:48.0184 0x0d68 sffp_mmc - ok
17:26:48.0200 0x0d68 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:26:48.0293 0x0d68 sffp_sd - ok
17:26:48.0325 0x0d68 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:26:48.0403 0x0d68 sfloppy - ok
17:26:48.0481 0x0d68 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:26:48.0559 0x0d68 SharedAccess - ok
17:26:48.0621 0x0d68 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:26:48.0715 0x0d68 ShellHWDetection - ok
17:26:48.0808 0x0d68 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:26:48.0855 0x0d68 SiSRaid2 - ok
17:26:48.0886 0x0d68 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:26:48.0917 0x0d68 SiSRaid4 - ok
17:26:48.0949 0x0d68 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:26:49.0073 0x0d68 Smb - ok
17:26:49.0167 0x0d68 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:26:49.0245 0x0d68 SNMPTRAP - ok
17:26:49.0292 0x0d68 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
17:26:49.0323 0x0d68 spldr - ok
17:26:49.0370 0x0d68 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
17:26:49.0526 0x0d68 Spooler - ok
17:26:49.0822 0x0d68 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
17:26:50.0056 0x0d68 sppsvc - ok
17:26:50.0103 0x0d68 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:26:50.0197 0x0d68 sppuinotify - ok
17:26:50.0415 0x0d68 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:26:50.0540 0x0d68 srv - ok
17:26:50.0618 0x0d68 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:26:50.0743 0x0d68 srv2 - ok
17:26:50.0789 0x0d68 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:26:50.0867 0x0d68 srvnet - ok
17:26:50.0930 0x0d68 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:26:51.0023 0x0d68 SSDPSRV - ok
17:26:51.0039 0x0d68 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:26:51.0070 0x0d68 SstpSvc - ok
17:26:51.0117 0x0d68 [ A87A39F9B42D82F5D60D36BB1D3CC9D3, F609CC721B898B5053FE34B24C94970453BD57441F9A2C93D4F77CB297D56169 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
17:26:51.0148 0x0d68 Steam Client Service - ok
17:26:51.0164 0x0d68 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:26:51.0179 0x0d68 stexstor - ok
17:26:51.0242 0x0d68 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
17:26:51.0320 0x0d68 stisvc - ok
17:26:51.0382 0x0d68 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:26:51.0413 0x0d68 storflt - ok
17:26:51.0429 0x0d68 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:26:51.0460 0x0d68 storvsc - ok
17:26:51.0476 0x0d68 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
17:26:51.0491 0x0d68 swenum - ok
17:26:51.0679 0x0d68 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
17:26:51.0788 0x0d68 swprv - ok
17:26:51.0803 0x0d68 Synth3dVsc - ok
17:26:51.0866 0x0d68 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
17:26:51.0991 0x0d68 SysMain - ok
17:26:52.0053 0x0d68 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:26:52.0131 0x0d68 TabletInputService - ok
17:26:52.0193 0x0d68 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
17:26:52.0318 0x0d68 TapiSrv - ok
17:26:52.0412 0x0d68 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
17:26:52.0505 0x0d68 TBS - ok
17:26:53.0005 0x0d68 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:26:53.0067 0x0d68 Tcpip - ok
17:26:53.0161 0x0d68 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:26:53.0207 0x0d68 TCPIP6 - ok
17:26:53.0270 0x0d68 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:26:53.0348 0x0d68 tcpipreg - ok
17:26:53.0441 0x0d68 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:26:53.0519 0x0d68 TDPIPE - ok
17:26:53.0551 0x0d68 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:26:53.0597 0x0d68 TDTCP - ok
17:26:53.0660 0x0d68 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:26:53.0722 0x0d68 tdx - ok
17:26:53.0769 0x0d68 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
17:26:53.0800 0x0d68 TermDD - ok
17:26:54.0081 0x0d68 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
17:26:54.0206 0x0d68 TermService - ok
17:26:54.0268 0x0d68 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
17:26:54.0346 0x0d68 Themes - ok
17:26:54.0377 0x0d68 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
17:26:54.0424 0x0d68 THREADORDER - ok
17:26:54.0471 0x0d68 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
17:26:54.0580 0x0d68 TrkWks - ok
17:26:54.0689 0x0d68 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:26:54.0783 0x0d68 TrustedInstaller - ok
17:26:54.0830 0x0d68 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:26:54.0939 0x0d68 tssecsrv - ok
17:26:54.0986 0x0d68 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:26:55.0079 0x0d68 TsUsbFlt - ok
17:26:55.0111 0x0d68 tsusbhub - ok
17:26:55.0173 0x0d68 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:26:55.0282 0x0d68 tunnel - ok
17:26:55.0360 0x0d68 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:26:55.0407 0x0d68 uagp35 - ok
17:26:55.0438 0x0d68 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:26:55.0516 0x0d68 udfs - ok
17:26:55.0563 0x0d68 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:26:55.0625 0x0d68 UI0Detect - ok
17:26:55.0688 0x0d68 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:26:55.0719 0x0d68 uliagpkx - ok
17:26:55.0750 0x0d68 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
17:26:55.0797 0x0d68 umbus - ok
17:26:55.0828 0x0d68 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:26:55.0859 0x0d68 UmPass - ok
17:26:55.0906 0x0d68 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
17:26:56.0015 0x0d68 UmRdpService - ok
17:26:56.0109 0x0d68 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
17:26:56.0249 0x0d68 upnphost - ok
17:26:56.0312 0x0d68 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:26:56.0359 0x0d68 USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
17:26:56.0359 0x0d68 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
17:26:58.0933 0x0d68 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:26:59.0026 0x0d68 usbccgp - ok
17:26:59.0073 0x0d68 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:26:59.0120 0x0d68 usbcir - ok
17:26:59.0151 0x0d68 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:26:59.0167 0x0d68 usbehci - ok
17:26:59.0198 0x0d68 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:26:59.0245 0x0d68 usbhub - ok
17:26:59.0276 0x0d68 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:26:59.0354 0x0d68 usbohci - ok
17:26:59.0447 0x0d68 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:26:59.0541 0x0d68 usbprint - ok
17:26:59.0603 0x0d68 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\drivers\usbscan.sys
17:26:59.0713 0x0d68 usbscan - ok
17:26:59.0759 0x0d68 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:26:59.0853 0x0d68 USBSTOR - ok
17:26:59.0884 0x0d68 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:26:59.0900 0x0d68 usbuhci - ok
17:26:59.0962 0x0d68 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
17:27:00.0056 0x0d68 UxSms - ok
17:27:00.0071 0x0d68 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
17:27:00.0071 0x0d68 VaultSvc - ok
17:27:00.0103 0x0d68 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:27:00.0118 0x0d68 vdrvroot - ok
17:27:00.0196 0x0d68 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
17:27:00.0290 0x0d68 vds - ok
17:27:00.0337 0x0d68 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:27:00.0383 0x0d68 vga - ok
17:27:00.0446 0x0d68 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:27:00.0539 0x0d68 VgaSave - ok
17:27:00.0539 0x0d68 VGPU - ok
17:27:00.0602 0x0d68 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:27:00.0649 0x0d68 vhdmp - ok
17:27:00.0664 0x0d68 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
17:27:00.0695 0x0d68 viaide - ok
17:27:00.0711 0x0d68 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:27:00.0727 0x0d68 vmbus - ok
17:27:00.0742 0x0d68 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:27:00.0789 0x0d68 VMBusHID - ok
17:27:00.0851 0x0d68 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:27:00.0883 0x0d68 volmgr - ok
17:27:00.0929 0x0d68 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:27:00.0961 0x0d68 volmgrx - ok
17:27:00.0992 0x0d68 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:27:01.0007 0x0d68 volsnap - ok
17:27:01.0054 0x0d68 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:27:01.0085 0x0d68 vsmraid - ok
17:27:01.0179 0x0d68 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
17:27:01.0335 0x0d68 VSS - ok
17:27:01.0335 0x0d68 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:27:01.0382 0x0d68 vwifibus - ok
17:27:01.0429 0x0d68 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:27:01.0475 0x0d68 vwififlt - ok
17:27:01.0522 0x0d68 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:27:01.0538 0x0d68 vwifimp - ok
17:27:01.0678 0x0d68 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
17:27:01.0787 0x0d68 W32Time - ok
17:27:01.0803 0x0d68 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:27:01.0850 0x0d68 WacomPen - ok
17:27:01.0897 0x0d68 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:27:01.0975 0x0d68 WANARP - ok
17:27:02.0006 0x0d68 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:27:02.0037 0x0d68 Wanarpv6 - ok
17:27:02.0131 0x0d68 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
17:27:02.0333 0x0d68 wbengine - ok
17:27:02.0411 0x0d68 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:27:02.0505 0x0d68 WbioSrvc - ok
17:27:02.0661 0x0d68 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:27:02.0723 0x0d68 wcncsvc - ok
17:27:02.0755 0x0d68 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:27:02.0864 0x0d68 WcsPlugInService - ok
17:27:02.0926 0x0d68 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:27:02.0957 0x0d68 Wd - ok
17:27:03.0004 0x0d68 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:27:03.0082 0x0d68 Wdf01000 - ok
17:27:03.0113 0x0d68 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:27:03.0223 0x0d68 WdiServiceHost - ok
17:27:03.0223 0x0d68 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:27:03.0254 0x0d68 WdiSystemHost - ok
17:27:03.0347 0x0d68 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
17:27:03.0379 0x0d68 WebClient - ok
17:27:03.0410 0x0d68 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:27:03.0457 0x0d68 Wecsvc - ok
17:27:03.0535 0x0d68 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:27:03.0597 0x0d68 wercplsupport - ok
17:27:03.0613 0x0d68 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
17:27:03.0644 0x0d68 WerSvc - ok
17:27:03.0675 0x0d68 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:27:03.0706 0x0d68 WfpLwf - ok
17:27:03.0722 0x0d68 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:27:03.0737 0x0d68 WIMMount - ok
17:27:03.0769 0x0d68 WinDefend - ok
17:27:03.0784 0x0d68 WinHttpAutoProxySvc - ok
17:27:03.0909 0x0d68 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:27:04.0018 0x0d68 Winmgmt - ok
17:27:04.0377 0x0d68 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
17:27:04.0486 0x0d68 WinRM - ok
17:27:04.0595 0x0d68 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:27:04.0689 0x0d68 Wlansvc - ok
17:27:04.0939 0x0d68 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:27:05.0017 0x0d68 wlidsvc - ok
17:27:05.0063 0x0d68 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:27:05.0110 0x0d68 WmiAcpi - ok
17:27:05.0204 0x0d68 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:27:05.0282 0x0d68 wmiApSrv - ok
17:27:05.0344 0x0d68 WMPNetworkSvc - ok
17:27:05.0422 0x0d68 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:27:05.0500 0x0d68 WPCSvc - ok
17:27:05.0547 0x0d68 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:27:05.0594 0x0d68 WPDBusEnum - ok
17:27:05.0641 0x0d68 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:27:05.0750 0x0d68 ws2ifsl - ok
17:27:05.0765 0x0d68 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
17:27:05.0812 0x0d68 wscsvc - ok
17:27:05.0812 0x0d68 WSearch - ok
17:27:05.0984 0x0d68 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
17:27:06.0077 0x0d68 wuauserv - ok
17:27:06.0140 0x0d68 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:27:06.0265 0x0d68 WudfPf - ok
17:27:06.0311 0x0d68 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:27:06.0389 0x0d68 WUDFRd - ok
17:27:06.0421 0x0d68 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:27:06.0499 0x0d68 wudfsvc - ok
17:27:06.0608 0x0d68 [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:27:06.0717 0x0d68 WwanSvc - ok
17:27:06.0826 0x0d68 [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
17:27:06.0920 0x0d68 xnacc - ok
17:27:06.0982 0x0d68 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
17:27:07.0076 0x0d68 xusb21 - ok
17:27:07.0107 0x0d68 ================ Scan global ===============================
17:27:07.0154 0x0d68 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:27:07.0216 0x0d68 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:27:07.0247 0x0d68 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:27:07.0310 0x0d68 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:27:07.0372 0x0d68 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
17:27:07.0403 0x0d68 [ Global ] - ok
17:27:07.0403 0x0d68 ================ Scan MBR ==================================
17:27:07.0419 0x0d68 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:27:08.0074 0x0d68 \Device\Harddisk0\DR0 - ok
17:27:08.0074 0x0d68 ================ Scan VBR ==================================
17:27:08.0074 0x0d68 [ 9963D53BEC3C2D3F0F76D00E614C3FC7 ] \Device\Harddisk0\DR0\Partition1
17:27:08.0152 0x0d68 \Device\Harddisk0\DR0\Partition1 - ok
17:27:08.0168 0x0d68 [ 9EC2331774583BCA1367D276152B05B1 ] \Device\Harddisk0\DR0\Partition2
17:27:08.0230 0x0d68 \Device\Harddisk0\DR0\Partition2 - ok
17:27:08.0449 0x0d68 Win FW state via NFP2: enabled
17:27:11.0023 0x0d68 ============================================================
17:27:11.0023 0x0d68 Scan finished
17:27:11.0023 0x0d68 ============================================================
17:27:11.0038 0x0570 Detected object count: 4
17:27:11.0038 0x0570 Actual detected object count: 4
17:27:50.0832 0x0570 AddonsHelper ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:50.0832 0x0570 AddonsHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:50.0834 0x0570 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:50.0834 0x0570 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:50.0836 0x0570 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:50.0836 0x0570 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:50.0837 0x0570 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:50.0837 0x0570 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip


FRST habe ich bisher nie benutzt. Kannte nicht einmal das Programm....

ich weiß nicht woran es liegt.

Das mit der Post macht doch nichts, ich bin ja eigentlich der, der hier die Probleme hat

Wie meinst du denn suspekte Einträge?


Alt 28.04.2014, 05:57   #6
Larusso
/// Selecta Jahrusso
 
Bpay Rechnung von Manuel Wagner - Standard

Bpay Rechnung von Manuel Wagner



Sieht ganz gut aus

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Bpay Rechnung von Manuel Wagner

Alt 03.05.2014, 13:30   #7
Problemtyp
 
Bpay Rechnung von Manuel Wagner - Standard

Bpay Rechnung von Manuel Wagner



Combofix Logfile:
Code:
ATTFilter
ComboFix 14-04-30.01 - Crackhead 03.05.2014  13:14:52.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8190.6685 [GMT 2:00]
ausgeführt von:: c:\users\Crackhead\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\patch01_01.fs
C:\END
C:\install.exe
c:\programdata\DNSErrorHelper\bhO.dll
C:\readme.txt
C:\uninstall.exe
c:\windows\SysWow64\~GLH00c1.TMP
c:\windows\SysWow64\tmp14BB.tmp
c:\windows\SysWow64\tmp14FA.tmp
c:\windows\SysWow64\tmp4973.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Run
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-03 bis 2014-05-03  ))))))))))))))))))))))))))))))
.
.
2014-04-25 21:45 . 2013-05-06 07:13	110176	----a-w-	c:\windows\system32\klfphc.dll
2014-04-25 21:44 . 2014-04-25 21:44	--------	d-----w-	c:\windows\ELAMBKUP
2014-04-25 21:44 . 2014-04-25 21:44	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2014-04-25 21:44 . 2014-05-03 11:22	--------	d-----w-	c:\programdata\Kaspersky Lab
2014-04-25 21:43 . 2013-06-08 18:18	112224	----a-w-	c:\windows\system32\drivers\klflt.sys
2014-04-25 21:43 . 2013-10-17 13:47	620640	----a-w-	c:\windows\system32\drivers\klif.sys
2014-04-18 20:40 . 2014-04-14 18:13	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 17:19 . 2012-12-30 01:59	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 17:19 . 2012-12-30 01:59	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49	281760	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-04-23 1825984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Turbo Key"="c:\program files (x86)\ASUS\Turbo Key\TurboKey.exe" [2009-11-24 1874432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-01-29 642656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe" [2008-08-07 90112]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AddonsHelper;AddonsHelper;c:\users\Crackhead\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe;c:\users\Crackhead\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n-Drahtlostreiber für Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-30 17:19]
.
2014-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000Core.job
- c:\users\Crackhead\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-23 19:06]
.
2014-04-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000UA.job
- c:\users\Crackhead\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-23 19:06]
.
2014-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000Core.job
- c:\users\Crackhead\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-01 15:54]
.
2014-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000UA.job
- c:\users\Crackhead\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-01 15:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49	342176	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-12-30 7560296]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.3.1.22
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.3.1.22
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{9B6B03F1-16CF-4491-BBBB-E872802DD717} - c:\programdata\DNSErrorHelper\bho.dll
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKCU-Run-Udxoryysna - c:\users\Crackhead\AppData\Roaming\Ucuqge\xeiwo.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3031499233-3451666306-1332744430-1000\Software\SecuROM\License information*]
"datasecu"=hex:6a,da,b3,c7,2e,cb,2f,6c,5b,1b,74,ec,c6,c3,8a,68,f1,24,fa,32,b2,
   42,f1,68,80,83,52,45,0d,33,64,08,c9,48,63,69,14,8a,6e,82,67,df,e2,c2,d3,e6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-03  13:29:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-03 11:29
.
Vor Suchlauf: 17 Verzeichnis(se), 587.898.101.760 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 588.311.953.408 Bytes frei
.
- - End Of File - - 0B483710046229FAE74E0B2772F54D0C
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

Alt 03.05.2014, 13:40   #8
Larusso
/// Selecta Jahrusso
 
Bpay Rechnung von Manuel Wagner - Standard

Bpay Rechnung von Manuel Wagner



Hy

Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.





Lösche bitte die vorhandene FRST.exe


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 03.05.2014, 15:27   #9
Problemtyp
 
Bpay Rechnung von Manuel Wagner - Standard

Bpay Rechnung von Manuel Wagner



Danke für die Rückmeldung

Farbar Service Scanner Version: 03-05-2014
Ran by Crackhead (administrator) on 03-05-2014 at 15:25:47
Running from "C:\Users\Crackhead\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Demand. The default start type is Auto.
The ImagePath of MpsSvc: ".".
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Alt 03.05.2014, 17:20   #10
Larusso
/// Selecta Jahrusso
 
Bpay Rechnung von Manuel Wagner - Standard

Bpay Rechnung von Manuel Wagner



Ich brauch noch die FRST Logfile
( Bitte gehe sicher, dass bei Additions.txt ein Haken gesetzt ist )
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 03.05.2014, 17:36   #11
Problemtyp
 
Bpay Rechnung von Manuel Wagner - Standard

Bpay Rechnung von Manuel Wagner



Oh shit, tut mir leid, habe ich falsch verstanden. Okay hab noch einmal neu abgescannt. Bitteschön:

FRST Additions Logfile:
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Crackhead at 2014-05-03 17:34:54
Running from C:\Users\Crackhead\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30129 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1124.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{95C72239-576E-E2B4-2828-4D0AC8AB05BF}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0129.1541.28099 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80129.1536 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0129.1541.28099 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield Vietnam(TM) (HKLM-x32\...\{E35B3C63-E958-4E31-A178-95D22024109A}) (Version:  - )
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0129.1541.28099 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0129.1541.28099 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0129.1541.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0129.1540.28099 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0129.1541.28099 - Advanced Micro Devices, Inc.) Hidden
ClipGrab 3.2.0.11 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.1.0127 - DT Soft Ltd)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden
Empires Dawn of the Modern World (HKLM-x32\...\Empires Dawn of the Modern World) (Version:  - )
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.12.827 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.12.827 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP)
HP Scanjet G3110 (HKLM\...\{6F0EFDE0-EFEB-41CA-9446-ACB7A942911E}) (Version: 14.5 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
hpg3110 (x32 Version: 140.000.000.000 - Ihr Firmenname) Hidden
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Mafia (HKLM-x32\...\Mafia) (Version:  - )
MAGIX Screenshare (HKLM-x32\...\MAGIX_{BA816CCA-0FEA-4A68-9AD0-4CF3D2DF40CC}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{36F289DE-F9E6-4AD3-AD37-90CCB61F1638}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe MX Plus Sonderedition (HKLM-x32\...\MAGIX_{E41712A1-DEEB-4D10-BCF1-046BA0611F94}) (Version: 11.0.5.0 - MAGIX AG)
MAGIX Video deluxe MX Plus Sonderedition (x32 Version: 11.0.5.0 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Turbo Key (HKLM-x32\...\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}) (Version: 1.01.03 - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

05-04-2014 10:33:40 Geplanter Prüfpunkt
15-04-2014 11:39:14 Geplanter Prüfpunkt
18-04-2014 20:29:55 DirectX wurde installiert
18-04-2014 20:34:38 Installed Java 7 Update 55
03-05-2014 11:10:19 ComboFix created restore point
03-05-2014 11:12:17 ComboFix created restore point
03-05-2014 11:32:35 Windows Update
03-05-2014 13:36:08 Removed Firebird SQL Server - MAGIX Edition

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-03 13:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {28F9EBF1-14DA-4BB1-8057-040CE78EA1D0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-03] (Adobe Systems Incorporated)
Task: {37A4C94C-14DB-4788-B2FB-D3C0A5BA60C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000UA => C:\Users\Crackhead\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-01] (Google Inc.)
Task: {53A022A1-C3A6-4721-A710-143B0F8A81B0} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {A056C9EE-0AB3-4F61-9900-CCC8EF8D6B1A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000Core => C:\Users\Crackhead\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-01] (Google Inc.)
Task: {A2A08365-19D2-44CF-8309-D8952D9247BC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000UA => C:\Users\Crackhead\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-23] (Facebook Inc.)
Task: {A6476D33-6430-42F0-B24A-6D4F9A87A7C3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000Core => C:\Users\Crackhead\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-23] (Facebook Inc.)
Task: {BD0E0A7B-6686-43EA-AF7C-435B97570C4A} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000Core.job => C:\Users\Crackhead\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000UA.job => C:\Users\Crackhead\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000Core.job => C:\Users\Crackhead\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000UA.job => C:\Users\Crackhead\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-01-29 16:53 - 2013-01-29 16:53 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-01-29 16:53 - 2013-01-29 16:53 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-12-30 02:02 - 2009-03-19 23:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2012-12-30 02:02 - 2009-03-19 23:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2012-12-30 02:02 - 2009-01-15 15:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2012-12-30 02:02 - 2009-03-25 17:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2012-12-30 02:03 - 2009-04-29 15:24 - 00253952 _____ () C:\Program Files (x86)\ASUS\Turbo Key\pngio.dll
2012-12-30 02:03 - 2009-04-29 15:24 - 00208896 _____ () C:\Program Files (x86)\ASUS\Turbo Key\AiNap.dll
2012-12-30 02:03 - 2009-04-29 15:24 - 00008704 _____ () C:\Program Files (x86)\ASUS\Turbo Key\vvc.dll
2014-02-07 22:08 - 2014-04-22 00:55 - 00340480 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-25 22:33 - 2014-04-22 00:55 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2013-03-12 18:10 - 2014-04-01 00:09 - 00754688 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-01-02 15:02 - 2014-04-24 00:01 - 01092288 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-01-02 15:02 - 2014-03-03 21:15 - 20626624 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-01-02 15:02 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-01-02 15:02 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-01-02 15:02 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-04-12 10:54 - 2014-04-02 03:57 - 00065352 _____ () C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-12 10:54 - 2014-04-02 03:57 - 00674632 _____ () C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-12 10:54 - 2014-04-02 03:57 - 00093000 _____ () C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-12 10:54 - 2014-04-02 03:57 - 04081480 _____ () C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-12 10:54 - 2014-04-02 03:58 - 00390472 _____ () C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-12 10:54 - 2014-04-02 03:57 - 01647432 _____ () C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2014 04:41:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: speed2.exe, Version: 0.0.0.0, Zeitstempel: 0x417d8e48
Name des fehlerhaften Moduls: speed2.exe, Version: 0.0.0.0, Zeitstempel: 0x417d8e48
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00207519
ID des fehlerhaften Prozesses: 0x824
Startzeit der fehlerhaften Anwendung: 0xspeed2.exe0
Pfad der fehlerhaften Anwendung: speed2.exe1
Pfad des fehlerhaften Moduls: speed2.exe2
Berichtskennung: speed2.exe3

Error: (05/03/2014 03:37:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/27/2014 05:05:50 AM) (Source: Application Hang) (User: )
Description: Programm Empires_DMW.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 644

Startzeit: 01cf61a0183527d0

Endzeit: 163

Anwendungspfad: C:\Program Files (x86)\Activision\Empires Dawn of the Modern World\Empires_DMW.exe

Berichts-ID:

Error: (04/26/2014 07:35:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6779398

Error: (04/26/2014 07:35:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6779398

Error: (04/26/2014 07:35:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/26/2014 05:42:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11310

Error: (04/26/2014 05:42:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11310

Error: (04/26/2014 05:42:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/26/2014 05:42:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10093


System errors:
=============
Error: (05/03/2014 05:34:48 PM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (05/03/2014 03:21:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (05/03/2014 03:21:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AddonsHelper" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/03/2014 01:24:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (05/03/2014 01:22:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AddonsHelper" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/03/2014 01:21:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/03/2014 01:21:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/03/2014 01:20:29 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/03/2014 01:18:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/03/2014 01:03:39 PM) (Source: Service Control Manager) (User: )
Description: Dienst "AddonsHelper" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (05/03/2014 04:41:34 PM) (Source: Application Error)(User: )
Description: speed2.exe0.0.0.0417d8e48speed2.exe0.0.0.0417d8e48c00000050020751982401cf66d816811f6cC:\Program Files (x86)\EA GAMES\Need for Speed Underground 2\speed2.exeC:\Program Files (x86)\EA GAMES\Need for Speed Underground 2\speed2.exe05c886e6-d2d1-11e3-afa9-50465d6845cd

Error: (05/03/2014 03:37:55 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

Error: (04/27/2014 05:05:50 AM) (Source: Application Hang)(User: )
Description: Empires_DMW.exe0.0.0.064401cf61a0183527d0163C:\Program Files (x86)\Activision\Empires Dawn of the Modern World\Empires_DMW.exe

Error: (04/26/2014 07:35:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6779398

Error: (04/26/2014 07:35:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6779398

Error: (04/26/2014 07:35:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/26/2014 05:42:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11310

Error: (04/26/2014 05:42:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11310

Error: (04/26/2014 05:42:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/26/2014 05:42:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10093


CodeIntegrity Errors:
===================================
  Date: 2014-05-03 13:20:29.507
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-03 13:20:29.382
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-04-26 06:17:39.867
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 06:17:39.861
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 06:17:39.854
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 04:24:25.176
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 04:24:25.149
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 04:24:25.082
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 8190.12 MB
Available physical RAM: 5653.82 MB
Total Pagefile: 16378.41 MB
Available Pagefile: 13217.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:917.85 GB) (Free:544.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.66 GB) (Free:1.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Crackhead (administrator) on CRACKHEAD-PC on 03-05-2014 17:31:30
Running from C:\Users\Crackhead\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Media Player\wmpshare.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2012-12-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-01-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3031499233-3451666306-1332744430-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-3031499233-3451666306-1332744430-1000\...\Policies\Explorer: [TaskbarNoNotification] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.3.1.22
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x53CFB7E21EE6CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.3.1.22
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = hxxp://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
SearchScopes: HKLM-x32 - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
SearchScopes: HKCU - DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=28E050465D6845CD&affID=121565&tsp=5003
SearchScopes: HKCU - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQXbA0S1r&i=26
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DNS Error Helper - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll No File
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Crackhead\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Crackhead\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Crackhead\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-04-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-04-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-04-25]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-04-25]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-04-25]

Chrome: 
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=28E050465D6845CD&affID=121565&tsp=5003
CHR Plugin: (Shockwave Flash) - C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Crackhead\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\npbrowserext.dll No File
CHR Plugin: (Free Studio) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Crackhead\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Crackhead\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-01]
CHR Extension: (YouTube) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-01]
CHR Extension: (Google-Suche) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-01]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-26]
CHR Extension: (AdBlock) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-01]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-04-26]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-04-26]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-05-13]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-26]
CHR Extension: (Google Wallet) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-01]
CHR Extension: (Anti-Banner) - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-04-26]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2014-04-26]
CHR HKCU\...\Chrome\Extension: [hkoahcaobjbihehldfimhblmhgalcipm] - C:\Users\Crackhead\AppData\Local\CRE\hkoahcaobjbihehldfimhblmhgalcipm.crx [2013-06-02]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-02-22]
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Crackhead\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [gaffpnfojcdkcdimoobneboagdnnenbo] - C:\Users\Crackhead\AppData\Roaming\DNSHelper Chrome\DNSHelper.crx [2013-02-01]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hkoahcaobjbihehldfimhblmhgalcipm] - C:\Users\Crackhead\AppData\Local\CRE\hkoahcaobjbihehldfimhblmhgalcipm.crx [2013-06-02]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Crackhead\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-01-29] (Advanced Micro Devices, Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MpsSvc; . [0 2014-05-03] ()
S2 AddonsHelper; C:\Users\Crackhead\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-02-28] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-17] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620640 2013-10-17] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178784 2013-06-06] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-03 17:31 - 2014-05-03 17:34 - 00022518 _____ () C:\Users\Crackhead\Desktop\FRST.txt
2014-05-03 17:31 - 2014-05-03 17:31 - 00000000 ____D () C:\FRST
2014-05-03 17:30 - 2014-05-03 17:30 - 02062336 _____ (Farbar) C:\Users\Crackhead\Desktop\FRST64.exe
2014-05-03 17:29 - 2014-05-03 17:30 - 02062336 _____ (Farbar) C:\Users\Crackhead\Downloads\FRST64.exe
2014-05-03 16:42 - 2014-05-03 16:42 - 00000000 ____D () C:\Users\Crackhead\AppData\Local\CrashDumps
2014-05-03 15:25 - 2014-05-03 15:26 - 00002482 _____ () C:\Users\Crackhead\Desktop\FSS.txt
2014-05-03 15:25 - 2014-05-03 15:25 - 00408576 _____ (Farbar) C:\Users\Crackhead\Desktop\FSS.exe
2014-05-03 13:29 - 2014-05-03 13:29 - 00017419 _____ () C:\ComboFix.txt
2014-05-03 13:10 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-03 13:10 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-03 13:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-03 13:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-03 13:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-03 13:10 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-03 13:10 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-03 13:10 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-03 13:03 - 2014-05-03 13:29 - 00000000 ____D () C:\Qoobox
2014-05-03 13:03 - 2014-05-03 13:27 - 00000000 ____D () C:\Windows\erdnt
2014-05-03 13:03 - 2014-05-03 13:03 - 00000000 ___RD () C:\Users\Crackhead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 13:03 - 2014-05-03 13:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 13:01 - 2014-05-03 13:02 - 05197895 ____R (Swearware) C:\Users\Crackhead\Desktop\ComboFix.exe
2014-04-26 17:24 - 2014-04-26 17:24 - 04143738 _____ () C:\Users\Crackhead\Desktop\tdsskiller.zip
2014-04-26 17:24 - 2014-04-26 17:24 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Crackhead\Desktop\tdsskiller.exe
2014-04-26 17:24 - 2014-04-24 15:05 - 00000000 ____D () C:\Users\Crackhead\Desktop\TDSSKiller
2014-04-26 07:33 - 2014-04-26 07:33 - 00262144 _____ () C:\Windows\system32\config\elam
2014-04-25 23:46 - 2014-04-25 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-04-25 23:46 - 2014-04-25 23:45 - 00001126 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-04-25 23:45 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-04-25 23:44 - 2014-05-03 15:21 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-25 23:44 - 2014-04-25 23:44 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-04-25 23:44 - 2014-04-25 23:44 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-25 23:43 - 2013-10-17 15:47 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-04-25 23:43 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-04-18 22:40 - 2014-04-18 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-18 22:40 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-18 22:40 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-18 22:40 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-18 22:40 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-18 22:35 - 2014-04-18 22:40 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-12 20:52 - 2014-04-12 20:52 - 00004096 _____ () C:\Windows\d3dx.dat

==================== One Month Modified Files and Folders =======

2014-05-03 17:34 - 2014-05-03 17:31 - 00022518 _____ () C:\Users\Crackhead\Desktop\FRST.txt
2014-05-03 17:34 - 2002-01-01 01:48 - 01994062 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 17:31 - 2014-05-03 17:31 - 00000000 ____D () C:\FRST
2014-05-03 17:30 - 2014-05-03 17:30 - 02062336 _____ (Farbar) C:\Users\Crackhead\Desktop\FRST64.exe
2014-05-03 17:30 - 2014-05-03 17:29 - 02062336 _____ (Farbar) C:\Users\Crackhead\Downloads\FRST64.exe
2014-05-03 17:19 - 2012-12-30 03:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-03 17:11 - 2013-01-23 21:06 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000UA.job
2014-05-03 17:01 - 2013-02-01 17:54 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000UA.job
2014-05-03 16:42 - 2014-05-03 16:42 - 00000000 ____D () C:\Users\Crackhead\AppData\Local\CrashDumps
2014-05-03 16:21 - 2012-12-30 03:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-03 16:21 - 2012-12-30 03:59 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-03 16:21 - 2012-12-30 03:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-03 15:37 - 2013-07-23 16:15 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-03 15:37 - 2013-07-23 16:14 - 00000000 ____D () C:\ProgramData\DivX
2014-05-03 15:36 - 2013-01-02 14:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-03 15:26 - 2014-05-03 15:25 - 00002482 _____ () C:\Users\Crackhead\Desktop\FSS.txt
2014-05-03 15:26 - 2009-07-14 06:45 - 00014384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-03 15:26 - 2009-07-14 06:45 - 00014384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-03 15:25 - 2014-05-03 15:25 - 00408576 _____ (Farbar) C:\Users\Crackhead\Desktop\FSS.exe
2014-05-03 15:21 - 2014-04-25 23:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-03 15:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 15:20 - 2009-07-14 06:51 - 00147421 _____ () C:\Windows\setupact.log
2014-05-03 13:35 - 2013-08-15 11:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-03 13:29 - 2014-05-03 13:29 - 00017419 _____ () C:\ComboFix.txt
2014-05-03 13:29 - 2014-05-03 13:03 - 00000000 ____D () C:\Qoobox
2014-05-03 13:27 - 2014-05-03 13:03 - 00000000 ____D () C:\Windows\erdnt
2014-05-03 13:22 - 2013-01-03 15:01 - 00723780 _____ () C:\Windows\PFRO.log
2014-05-03 13:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-03 13:21 - 2009-07-14 04:34 - 62128128 _____ () C:\Windows\system32\config\software.bak
2014-05-03 13:21 - 2009-07-14 04:34 - 20709376 _____ () C:\Windows\system32\config\system.bak
2014-05-03 13:21 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-05-03 13:21 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-05-03 13:21 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-05-03 13:20 - 2013-02-01 19:06 - 00000000 ____D () C:\ProgramData\DNSErrorHelper
2014-05-03 13:03 - 2014-05-03 13:03 - 00000000 ___RD () C:\Users\Crackhead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 13:03 - 2014-05-03 13:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-03 13:02 - 2014-05-03 13:01 - 05197895 ____R (Swearware) C:\Users\Crackhead\Desktop\ComboFix.exe
2014-04-26 17:24 - 2014-04-26 17:24 - 04143738 _____ () C:\Users\Crackhead\Desktop\tdsskiller.zip
2014-04-26 17:24 - 2014-04-26 17:24 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Crackhead\Desktop\tdsskiller.exe
2014-04-26 10:01 - 2013-02-01 17:54 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000Core.job
2014-04-26 07:33 - 2014-04-26 07:33 - 00262144 _____ () C:\Windows\system32\config\elam
2014-04-25 23:46 - 2014-04-25 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-04-25 23:45 - 2014-04-25 23:46 - 00001126 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-04-25 23:44 - 2014-04-25 23:44 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-04-25 23:44 - 2014-04-25 23:44 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-25 17:27 - 2013-02-18 23:07 - 01595392 ___SH () C:\Users\Crackhead\Desktop\Thumbs.db
2014-04-24 15:05 - 2014-04-26 17:24 - 00000000 ____D () C:\Users\Crackhead\Desktop\TDSSKiller
2014-04-18 22:40 - 2014-04-18 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-18 22:40 - 2014-04-18 22:35 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 22:40 - 2013-10-28 10:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-18 22:40 - 2013-10-28 09:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-18 22:33 - 2012-12-30 16:59 - 00326654 _____ () C:\Windows\DirectX.log
2014-04-15 15:35 - 2009-07-14 19:58 - 00654150 _____ () C:\Windows\system32\perfh007.dat
2014-04-15 15:35 - 2009-07-14 19:58 - 00130022 _____ () C:\Windows\system32\perfc007.dat
2014-04-15 15:35 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 20:13 - 2014-04-18 22:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-18 22:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-18 22:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-18 22:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-12 20:52 - 2014-04-12 20:52 - 00004096 _____ () C:\Windows\d3dx.dat
2014-04-12 20:11 - 2013-01-23 21:06 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000Core.job
2014-04-05 09:56 - 2013-02-01 17:54 - 00004118 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000UA
2014-04-05 09:56 - 2013-02-01 17:54 - 00003722 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3031499233-3451666306-1332744430-1000Core

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-12 20:43

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Geändert von Problemtyp (03.05.2014 um 17:37 Uhr) Grund: Hinzugefügt

Alt 03.05.2014, 18:24   #12
Larusso
/// Selecta Jahrusso
 
Bpay Rechnung von Manuel Wagner - Standard

Bpay Rechnung von Manuel Wagner



Kein Problem. Paar Dinge sind noch zu tun

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\S-1-5-21-3031499233-3451666306-1332744430-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=28E050465D6845CD&affID=121565&tsp=5003
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQXbA0S1r&i=26
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=28E050465D6845CD&affID=121565&tsp=5003
CHR HKCU\...\Chrome\Extension: [hkoahcaobjbihehldfimhblmhgalcipm] - C:\Users\Crackhead\AppData\Local\CRE\hkoahcaobjbihehldfimhblmhgalcipm.crx [2013-06-02]
S2 AddonsHelper; C:\Users\Crackhead\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [X]
C:\Users\Crackhead\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Downloade dir bitte folgende Datei auf deinem Desktop.
http://download.bleepingcomputer.com...s/7/MpsSvc.reg

Schließe alle laufenden Programme. Doppelklick auf die MpsSvc.reg und erlaube die Änderungen an der Registry.
Starte danach den Rechner neu auf.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Gibt es noch Probleme ?
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Antwort

Themen zu Bpay Rechnung von Manuel Wagner
administrator, appdatalow, autostart, csrss.exe, malware.trace, manuel wagner, manuel wagner-8pay-exe-trojaner-rechnung, microsoft, pup.optional.babylon.a, pup.optional.bundleinstaller.a, pup.optional.conduit.a, pup.optional.datamngr.a, pup.optional.homepageprotector.a, pup.optional.incredibar.a, pup.optional.opencandy, pup.optional.softonic.a, pup.optional.sprotector.a, pup.optional.sweetim.a, senden, spyware.zbot.ed, trojan.agent, trojan.sermis, windows firewall



Ähnliche Themen: Bpay Rechnung von Manuel Wagner


  1. Win 8.1 - Updates laden nicht, auch nicht manuel
    Log-Analyse und Auswertung - 24.03.2015 (16)
  2. gefälschte Rechnung von Vodaphone mit falschem Link zur angeblichen .pdf-Rechnung
    Plagegeister aller Art und deren Bekämpfung - 18.12.2014 (9)
  3. Rechnung.exe von Manuel Wagner geöffnet
    Plagegeister aller Art und deren Bekämpfung - 30.04.2014 (5)
  4. BpayAG Manuel Wagner Bereff Ihre Rechnung (.exe)
    Plagegeister aller Art und deren Bekämpfung - 25.04.2014 (3)
  5. Manuell Wagner/Trojaner Rechnung.exe aus versehen geöffnet…Was tun?
    Alles rund um Mac OSX & Linux - 23.04.2014 (4)
  6. Trojaner aus Amazon-Rechnung "775499404.Rechnung.11.08.13.PDF.exe"
    Plagegeister aller Art und deren Bekämpfung - 10.12.2013 (16)
  7. Elektroshop Wagner
    Log-Analyse und Auswertung - 25.08.2013 (12)
  8. Spam Mail von Elektroshop Wagner geöffnet
    Log-Analyse und Auswertung - 25.08.2013 (28)
  9. Elektroshop Wagner
    Log-Analyse und Auswertung - 25.08.2013 (8)
  10. Elektroshop Wagner (Phishingmail) mit Anhang geöffnet und Trojaner ? (TR/Peed.777) eingefangen.
    Plagegeister aller Art und deren Bekämpfung - 12.08.2013 (18)
  11. Elektroshop Wagner Anhang versucht zu öffnen
    Log-Analyse und Auswertung - 30.05.2013 (9)
  12. Elektroshop Wagner , leider geöffnet.............
    Log-Analyse und Auswertung - 25.05.2013 (13)
  13. SPAM Elektroshop Wagner - TR/Spy.Abvier.A und TR/Spy.ZBot.PR
    Log-Analyse und Auswertung - 23.05.2013 (9)
  14. o2 Rechnung.pdf
    Plagegeister aller Art und deren Bekämpfung - 19.03.2012 (3)
  15. Tastur wird deaktiviert und bootvorgang nur noch manuel
    Plagegeister aller Art und deren Bekämpfung - 24.09.2008 (3)
  16. Rechnung pdf.exe
    Plagegeister aller Art und deren Bekämpfung - 11.01.2007 (9)

Zum Thema Bpay Rechnung von Manuel Wagner - Hallo ich habe eine Frage, habe einen Text bekommen das ich eine Rechnung bezahlen soll von Manuel Wagner. Folgender Text: Betreff: Ihre Rechnung Absender: Manuel Wagner <private E-Mail-Adresse> Anhang: Rechnung.exe - Bpay Rechnung von Manuel Wagner...
Archiv
Du betrachtest: Bpay Rechnung von Manuel Wagner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.